> 
> I am trying to devise some acl's and am coming from a linux fw
> background, which allowed me to split my acl's into separate tables and
> effectively call one from the other. [...]
> 
> I realise there's got to be a cisco way of doing this, and I'd
> appreciate any pointers anyone cares to share.
 
ACLs are used for a variety of things, so there is an "it depends"
answer: you can achieve the splitting (via route-maps and policies) when
you deal with ACLs for routing; however, interface/traffic ACLs can't be
split this way: you can only apply a single ACL as an input/output ACL
to an interface. When it comes to firewall filtering, PIX/ASAs support
object groups which you can use to compile your ACLs, and one could also
argue that the Zone-based IOS FW's class-maps for traffic classification
also allow a more modular approach.

hope this helps..

        oli
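
The object-group approach mentioned in the reply above, sketched as an added PIX/ASA configuration example that is not part of the original post. All group names, the ACL name, the interface name and the addresses (documentation ranges) are assumptions chosen for illustration.

```cisco
! Constructed example: every name and address below is an assumption.
! Reusable building blocks: hosts grouped by role.
object-group network WEB_SERVERS
 network-object host 192.0.2.10
 network-object host 192.0.2.11
object-group network MAIL_SERVERS
 network-object host 192.0.2.25
object-group network MGMT_HOSTS
 network-object 198.51.100.0 255.255.255.0
!
! Nesting: group-object pulls existing groups into a larger one,
! the closest equivalent to referencing one table from another.
object-group network DMZ_SERVERS
 group-object WEB_SERVERS
 group-object MAIL_SERVERS
!
object-group service WEB_PORTS tcp
 port-object eq www
 port-object eq https
!
! The ACL is compiled from the groups; editing a group changes every
! entry that references it.
access-list OUTSIDE_IN extended permit tcp any object-group WEB_SERVERS object-group WEB_PORTS
access-list OUTSIDE_IN extended permit tcp any object-group MAIL_SERVERS eq smtp
access-list OUTSIDE_IN extended permit tcp object-group MGMT_HOSTS object-group DMZ_SERVERS eq ssh
access-list OUTSIDE_IN extended deny ip any any log
!
! Still a single ACL per interface and direction.
access-group OUTSIDE_IN in interface outside
```

The modularity here lives in the groups rather than in the ACL: there is no jump from one ACL to another, and each referenced group is expanded into individual entries when the ACL is evaluated.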

_______________________________________________
cisco-nsp mailing list  [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
